KubeCon + CloudNativeCon Europe 2022

Developing Controllers -- as well as other Kubernetes native extensions like admission webhooks -- is quickly becoming a mainstream practice to solve problems in a Kubernetes native way; but while developing a simple controller is pretty straightforward, things become complex as soon as you have behavioral dependencies with other components. But don't worry, this talk will provide you with reusable design patterns derived from the concrete experience and the hard lessons learned by the maintainers of Cluster API and Kubewarden, two projects built around the idea of extensible controllers. How to develop a plug-in system for your controller/admission webhook? How to add to your controller the capability to do RPC calls to pluggable external components? How to orchestrate many controllers co-operating in solving complex tasks? Come to this talk, we got you covered!

Click here to view captioning/translation in the MeetingPlay platform!

Recent applications are latency-sensitive, demanding low latency between microservices in the application. Current scheduling algorithms in Kubernetes aim to reduce costs and increase resource efficiency, which is not enough for applications where end-to-end latency becomes a primary objective. Applications such as databases and multi-tier web services would benefit the most from network-aware scheduling policies that consider latency and bandwidth in addition to default resources (CPU and memory). We introduce a network-aware scheduling framework to tackle this challenge, including two controllers (AppGroup and NetworkTopology) and three scheduling plugins (TopologicalSort, NodeNetworkCostFit, and NetworkMinCost). The framework ensures bandwidth reservations and optimizes the end-to-end application latency since it schedules pods in an application with chained dependencies close to each other. We will show a demo highlighting the benefits of our framework.

Click here to view captioning/translation in the MeetingPlay platform!

Constant movement and adaptation to change is the story of DFDS, a logistics company from Denmark. Every ship, truck, or warehouse needs to be fully connected and be able to drive autonomous and smart decisions. At the same time, customer and business demands change constantly, and software development teams need to build and update solutions at an ever-increasing rate. In this talk, Tobias and Matthias like to introduce DFDS’s decentralized and distributed problem space and how they have mastered this challenge by introducing Kubernetes based Digital Twins. They will talk about how to align software teams from all over the organization, and how a platform build on top of Crossplane and Backstage can guide and accelerate teams.

Click here to view captioning/translation in the MeetingPlay platform!

Confidential Containers (https://github.com/confidential-containers) enable cloud native confidential computing (https://confidentialcomputing.io/faq/) leveraging a variety of hardware platforms and technologies, standardising the confidential computing at the container level, helping users to deploy confidential workloads using already familiar workflows and tools; and in this Panel we're bringing together contributors from different hardware vendors, different projects (in different layers of the stack), and different companies to discuss and answer questions about this new complex technology. Topics for discussion will include: * How do we realise the benefits of cloud native confidential computing? * What impact is there to the Cloud Native User Experience? * What new considerations/concepts does confidential containers introduce? Note that this panel is a follow-up on what has been developed since https://www.youtube.com/watch?v=zTn9Xt1k1OA was presented.

Click here to view captioning/translation in the MeetingPlay platform!

Today's applications strive to boot fast, be stateless, and handle unexpected terminations gracefully. However, some applications like distributed caches can take a while to warm up to a running state, while batch workers would rather avoid being terminated before they're done. At Slack, such applications found their home in Kubernetes thanks to a two-sided system: one one hand an admission webhook injects tolerations in pods to inform their requirement to be long-lived, and on the other hand a custom service taints nodes with their uptime. This results in pods desiring a long life to be scheduled on young nodes less likely to be terminated early. This talk will first describe how to write a simple Kubernetes admission webhook (https://github.com/slackhq/simple-kubernetes-webhook) to inject tolerations in pods, then move onto the symbiotic node tainting system, and end with gotchas and some metrics on how this long-lived pod support is used at Slack.

Click here to view captioning/translation in the MeetingPlay platform!

Adoption of cloud technologies by high performance computing (HPC) is accelerating, and HPC users want their applications to perform well everywhere. While container orchestration frameworks provide advantages like resiliency, elasticity, and declarative management, they are not designed to enable application performance to the same degree as HPC workload managers and schedulers. In response to increased interest in scheduling flexibility, the Kubernetes community developed the Scheduling Framework to facilitate integration of new policies and schedulers. We present KubeFlux, a Scheduling Framework plugin based on the Fluxion open-source HPC scheduler developed at the Lawrence Livermore National Laboratory. We discuss uses for KubeFlux and compare the performance of an application scheduled by the Kubernetes default scheduler and KubeFlux. KubeFlux is an example of the rich capability that can be added to Kubernetes and paves the way to democratization of the cloud for HPC workloads.

Click here to view captioning/translation in the MeetingPlay platform!

Kubernetes' extensible API has turned it into a de-facto abstraction layer not just for building, deploying and operating cloud-native apps, but also as the control plane for the entire enterprise, to provision and manage cloud resources and complex platform components. This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes “native” experience. The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.

Click here to view captioning/translation in the MeetingPlay platform!

In this workshop, you will experience the power of Infrastructure as Code and GitOps to automate the provisioning, modification, and extension of a Kubernetes cluster. Join me to learn how to use Terraform to spin up a Kubernetes cluster and install FluxCD, which will watch a GitHub repo and automatically apply any changes made via git commit. In order to keep all of your credentials like secrets, passwords, and tokens in your GitHub repo, we will show you how to use the sealed-secrets project to enable one-way encrypted secrets that can only be decoded inside the cluster. Finally, you will install and use Crossplane to provision digital infrastructure from inside your Kubernetes cluster, including resources from different cloud providers, giving you a chance to experiment with multi-cloud infrastructure.

Click here to view captioning/translation in the MeetingPlay platform!

Dynamic Admission Controllers are currently the only way to extend the Kubernetes API Server to implement security and conformance policies. They work great, but they also have drawbacks. How would it be to have a flexible way to extend the built-in admission controllers that doesn’t resort on Webhooks? This talk will show a prototype that leverages WebAssembly as a way to enrich the Kubernetes API Server capabilities. What if this is just the beginning of extending Kubernetes core pieces with WebAssembly? Do you want to join us in this experiment?

Click here to view captioning/translation in the MeetingPlay platform!

Over the past year, the adoption of Cluster API (CAPI) has been growing with more end-users using it to provision their clusters. And increasingly it’s being adopted inside commercial products and other OSS projects (e.g. EKS-Anywhere). With this growth comes an increase in the variety of the Cluster API Providers you can choose from. What if none of the existing providers suit your use case? Perhaps you want to bring your own hosts or integrate with a custom infrastructure provisioning mechanism. If that's the case, this talk is for you. Come learn from the maintainers of existing CAPI providers on how to get started creating your own provider. It’s hard but at the same time easier than it sounds. Although every provider has unique considerations in its offering, there is a lot of commonality when it comes to writing a provider. This talk will highlight the common patterns, develop and debug workflows, and common pitfalls / gotchas to take into account when writing your own provider.

Click here to view captioning/translation in the MeetingPlay platform!

Multi-Cloud is becoming a new trend in recent years. It is the superset of multiple public cloud, hybrid, on-premises, and edge. It not only provides higher availability and flexibility but also prevents vendor lock-in. Karmada is a kubernets management system, it is natively suitable for multi-cloud application management. In this topic, Zhonghu will show you what Karmada can do for Multi-Cloud applications communicating on flat network and different networks. There are already many solutions that can help acquire L3 network connectivity cross multi-cloud, like VPN peering, submariner, etc. So the biggest challenge is L7 traffic management, Zhonghu will elaborate on how Karmada perfectly integrates with Istio to provide flexible and rich L7 traffic management features: priority routing, failover to another cloud, and also brings natural security in east-west traffic.

Click here to view captioning/translation in the MeetingPlay platform!

Kubernetes is a very open system allowing developers a great extent of freedom. However it still follows rules, design principles and sets well-described boundaries. It constrains developers to well understood cans and cants. Prohibiting cross-namespace ownership of resources is one of such rules. A namespace scoped resource can't be an owner to a resource in a different namespace. Yet, there always is that one use case that we can't solve in any other way than by smashing through those walls of rules. We will explore why such a use case makes sense. And what challenges rigid namespace isolation brings to integration between Kubernetes native services. We will discover how one can construct a solution to this problem. Without re-implementing or replacing default core services - like the native garbage collection mechanisms.

Click here to view captioning/translation in the MeetingPlay platform!